(This article was originally published in the January/February 2020 edition of the CBA Record. You can access the full magazine here.)
Smart devices are everywhere you look these days. The Internet of Things, defined as “the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data,” has been one of the largest tech developments of the past decade. These devices went from novel to mainstream in the blink of an eye, so much so that your home’s refrigerator, television, thermostat, lights, and security system are potentially all internet-connected, data-harvesting machines.
These devices have the Jetsons’ glossy appeal of being novel and fun, right up until something goes wrong and you become acutely aware of how much information they control. Smart thermostats and lights have been weaponized in contentious divorces by an abusive party to make the party remaining in the home feel like they’re losing their grip on reality when the thermostat gets set to 95 degrees overnight. Such cases are often exacerbated by a lack of knowledge regarding how the devices actually work on the parts of both the represented party and the party’s representation.
Most prevalent of all though might be the virtual home assistant devices like the Amazon Alexa or Google Home. These devices in particular have become so common that several prominent legal practice management platforms launched integrations with them in the past few years. If you’ve found yourself using your Alexa in an office environment where you might be dealing with any kind of client data, there are some stories of which you should be aware before you speak another word to it.
Your Amazon Alexa essentially lies dormant in your home or office, waiting to hear a “wake” word. Yes, this means that technically speaking, Alexa is always listening. Upon hearing that wake word, the device begins recording its interaction with you. These recordings are stored on Amazon’s servers. If you don’t specifically opt out of this practice in the privacy settings, they are also then listened to by Amazon employees, transcribed, and fed back into the system to make Alexa smarter. This means that real human ears have access to your interactions with the device.
Additionally, a handful of incidents lead us to assume that this process is not as foolproof as Amazon might have you believe. Take for instance an anecdote about a Portland couple who were having a discussion in their home one evening in 2018. Their Alexa mistook some word in their conversation for a wake word, so it started recording their conversation. It also made at least five subsequent verbal cue misunderstandings that resulted in the couple’s recorded conversation being sent to several contacts in their contact list. They only realized this when one recipient called and told them to unplug the device immediately.
A man in North Carolina had a similar situation happen to him in 2017. His Alexa misunderstood several words in an unrelated conversation that was then recorded and sent to his insurance agent.
If you choose to have an Alexa in your home, that’s one thing. Giving one access to your clients’ data via your practice management system, however, seems another matter entirely. Be wary of these integrations, and of having a device that is constantly listening anywhere near an environment in which you might be dealing with confidential information.
The rise in popularity of these virtual home assistant devices has gone hand in hand with another insidious IoT device: the Amazon Ring. The Amazon Ring is a smart home security surveillance device, marketed as a tool to make you feel safer in your home. Unfortunately, these devices have proven easy to hack. One Tennessee family’s device was hacked and used by an unknown man to watch the family’s daughters in their bedroom. The devices feature voice communication capability as well, and the man actually spoke to the children through the device. Other families’ devices have been hacked, revealing intimate or compromising video footage that has then been held for ransom.
Amazon has partnered with over 600 police departments across the country to gain access to the security footage being garnered by these devices located outside of people’s homes. These police departments have encouraged residents to purchase the devices, which they can then request access to without warrants or judicial oversight.
Ultimately, these devices are probably going to remain popular. They offer added day-to-day convenience for users with the novelty factor of seeming “high-tech.” Therefore, it’s up to you to know what exactly they’re capable of, and what data they’re collecting as they sit in your home for years on end.
About the Author: Anne Haag is a Practice Management Advisor at the Chicago Bar Association. Anne worked as a patent paralegal at a Chicago IP firm before arriving at the CBA in 2017 as the Law Practice Management and Technology department’s trainer/coordinator.